meldestelle/docs/01_Architecture/Pangolin/Mange_Pangolin/Identity_Providers/Zitadel.md
Stefan Mogeritsch aa157e82f8 docs: add new Access Control and Logs documentation pages
- Documented Access Control features (e.g., Device Approvals, Password Rotation, 2FA, Custom Login Pages).
- Added detailed descriptions for Logs & Analytics (Access Logs, Request Logs, Action Logs).
- Included configuration instructions and feature-specific notes for Pangolin Cloud and Enterprise Edition.

Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
2026-03-11 11:24:24 +01:00


Zitadel

Configure Zitadel Single Sign-On using OpenID Connect

The following steps will integrate Zitadel with Pangolin SSO using OpenID Connect (OIDC).

Prerequisites

These instructions assume you have a working Zitadel organization and project setup already.

Creating an Application in Zitadel

You need to configure an application in Zitadel:

1. Open an existing project and, under `Applications`, click `New`.
2. Set the name to something memorable (e.g. Pangolin).
3. For `Type of application` choose `Web`.
4. For `Authentication Method` choose `Code`.
5. Leave `Redirect URIs` blank for now; we'll come back to this once the IdP has been created in Pangolin.
6. When you click create, you'll be shown the `ClientSecret` and `ClientId`. Save these somewhere secure: you won't be able to see the Client Secret again.
7. Click `Token settings`, change `Auth Token Type` to `JWT`, check the `User Info inside ID Token` box, then hit `Save`.
8. Still in `Token settings`, check the box for `Include user's roles in the ID Token`. This enables Zitadel to include the necessary user profile claims (including `preferred_username`) in the ID token, which Pangolin requires for user identification.
9. Open `URLs` and make note of:
   * `Authorization Endpoint`
   * `Token Endpoint`

Configuring Identity Providers in Pangolin

In Pangolin, go to “Identity Providers” and click “Add Identity Provider”. Select the OAuth2/OIDC provider option.

"Name" should be set to something memorable (e.g. Zitadel). The "Provider Type" should be left at the default, OAuth2/OIDC.

OAuth2/OIDC Configuration (Provider Credentials and Endpoints)

In the OAuth2/OIDC Configuration, you'll need the following fields:

* The Client ID from your Zitadel application.
* The Client Secret from your Zitadel application.
* The `Authorization Endpoint` from your Zitadel application.
* The `Token Endpoint` from your Zitadel application.

Token Configuration

You should leave all of the paths at their defaults. In the "Scopes" field, add `openid profile email`.

Set the "Identifier Path" to `preferred_username` for Zitadel integration.

When you're done, click "Create Identity Provider"! Then, copy the Redirect URL in the "General" tab as you will now need this for your Zitadel application.
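Before wiring the provider into Pangolin, it helps to confirm that the ID token Zitadel issues actually carries the claim the "Identifier Path" points at (it will only if `User Info inside ID Token` was enabled above). The following is an added example, not Pangolin's or Zitadel's own code: it decodes a constructed, unsigned ID token, resolves a dotted identifier path such as `preferred_username` the way the page describes, and reports which claims expected from the `openid profile email` scopes are missing. Signature verification is intentionally out of scope here; it only inspects the claim set.

```python
import base64
import json
from typing import List, Optional

# Constructed sample claims shaped like a Zitadel ID token with
# "User Info inside ID Token" enabled. Issuer and audience are placeholders.
SAMPLE_CLAIMS = {
    "iss": "https://zitadel.example.com",
    "sub": "1234567890",
    "aud": "pangolin-client-id",
    "preferred_username": "alice@zitadel.example.com",
    "email": "alice@example.com",
    "name": "Alice Example",
}


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def id_token_claims(id_token: str) -> dict:
    """Return the payload claims of a compact JWT (header.payload.signature)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(b64url_decode(parts[1]))


def resolve_identifier(claims: dict, identifier_path: str) -> Optional[str]:
    """Walk a dotted path (Pangolin's 'Identifier Path') through the claims."""
    node = claims
    for key in identifier_path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node if isinstance(node, str) and node else None


def check_pangolin_claims(claims: dict, identifier_path: str = "preferred_username") -> List[str]:
    """List problems that would make the Pangolin login fail for this token."""
    problems = []
    if resolve_identifier(claims, identifier_path) is None:
        problems.append(f"identifier path '{identifier_path}' missing: enable 'User Info inside ID Token'")
    for claim in ("email", "name"):  # populated by the email / profile scopes
        if claim not in claims:
            problems.append(f"claim '{claim}' missing: check the Scopes field")
    return problems


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned token so the parser can be exercised offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."
```

To inspect a real token, paste its compact form into `id_token_claims` and run `check_pangolin_claims` on the result; an empty list means the claims Pangolin needs are present.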

Returning to Zitadel

Finally, edit the Redirect Settings in your Zitadel application: add the URL you copied to the Redirect URIs, hit the + button, then Save. Your configuration is now complete. You'll now need to add an external user to Pangolin, or, if you have "Auto Provision Users" enabled, you can log in using Zitadel SSO right away.